CLAIMS

What is claimed is:

1. A method for providing single step log-on access to a subscriber of a computer
network having a first and second area, said method including the steps of: 

linking a Service Selection Gateway (SSG) Server to a Network Access Server 
(NAS), said NAS providing said subscriber with access to said first area, and said SSG 
Server providing said subscriber with access to said second area;

linking said SSG Server to an Authentication Authorization and Accounting
(AAA) Server;

intercepting and forwarding packets of data sent between said NAS and said
AAA Server; and

manipulating information in said data packets to allow said SSG to automatically
log said subscriber on to said SSG when said subscriber logs on to said NAS, without
requiring said subscriber to re-enter data already entered or launch a separate
application.

2. A method for providing single step log-on access for a subscriber of a computer
network having a first and second separate area, said method comprising the steps of: 

establishing a connection between said subscriber and a Network Access Server
(NAS);

routing access-request packets from said NAS to a Service Selection Gateway
(SSG) Server;

utilizing information in said access-request packets to initiate log-on for said 
subscriber to said second area; 

routing said access-request packets from said SSG Server to an Authentication
Authorization and Accounting (AAA) Server to initiate log-on for said subscriber to said
first area; and

routing packets responsive to said access-request packets from said AAA Server
back to said NAS via said SSG Server to complete log-on for said subscriber to said first
and second areas. 

3. A method for providing single-step log-on access to a subscriber of a computer 
network, said computer network differentiated into a plurality of areas, said method 
including the steps of:

sending an access-request packet from a Network Access Server (NAS) to a 
Service Selection Gateway (SSG) Server when said subscriber connects to said NAS, 
according to a communications protocol; 

forwarding said access-request packet to an Authentication Authorization and
Accounting (AAA) Server;

in reply to said access-request packet, sending an access-reply packet from said
AAA Server back to said SSG Server according to said communications protocol;

checking if said access-reply packet contains an IP address for said subscriber, 
said IP address assigned by said AAA Server; 

if said access-reply packet contains said IP address, then:

logging said subscriber on to said SSG Server with said IP address, if said
access-reply packet contains authorization from said AAA Server;

forwarding said access-reply packet to said NAS according to said
communications protocol; and

logging said subscriber on to said NAS with said IP address, if said forwarded
access-reply packet contains authorization from said AAA Server; or

if said access-reply packet does not contain said IP address, then:

logging said subscriber on to said SSG server with a temporary dummy IP address, 
if said access-reply packet contains authorization from said AAA Server; 

assigning a user identification number to said subscriber;

forwarding said access-reply packet and said user identification number to said 
NAS, according to said communications protocol; 

logging said subscriber on to said NAS with a genuine IP address, if said 
forwarded access-reply packet contains authorization from said AAA Server; 

sending an accounting-start packet from said NAS to said SSG, said
accounting-start packet containing said genuine IP address and said user identification number,
according to said communications protocol; 

reading said accounting-start packet to determine said genuine IP address of said 
subscriber; 

replacing said temporary dummy IP address with said genuine IP address on said 
SSG Server; and

forwarding said accounting-start packet to said AAA. 

4. The method of claim 3, wherein said communications protocol is the Remote 
Authentication Dial-In User Service (RADIUS) protocol.

5. The method of claim 4, wherein said forwarding step further comprises the
sub-step of:

writing said user identification number into said access-reply packet as a RADIUS
Attribute. 

6. The method of claim 5, wherein said RADIUS Attribute is a RADIUS Class 
Attribute. 

7. The method of claim 3, wherein said user identification number is said temporary 
dummy IP address. 
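
A sketch of the session bookkeeping that claims 3 through 7 describe, added here as an illustration and not taken from the patent or any vendor implementation. Packets are modelled as plain dictionaries rather than parsed RADIUS; the class and method names are hypothetical, and mapping the claimed IP address to the RADIUS Framed-IP-Address attribute and using 0.0.0.N as the dummy format are assumptions of the example.

```python
import ipaddress
import itertools


class SSGSessionTable:
    """Toy model of the SSG host table in claims 3-7 (all names hypothetical)."""

    def __init__(self):
        self.hosts = {}                    # IP (genuine or dummy) -> username
        self._next = itertools.count(1)    # source of dummy addresses

    def on_access_reply(self, username, reply):
        """Handle an AAA reply in transit; return the packet sent on to the NAS."""
        if reply.get("code") != "Access-Accept":
            return reply                   # no authorization, so no SSG log-on
        ip = reply.get("Framed-IP-Address")
        if ip is not None:                 # AAA assigned the address itself
            self.hosts[ip] = username
            return reply
        # No address yet: log on under a temporary dummy IP (constructed
        # 0.0.0.N format) and carry it to the NAS as the user identification
        # number in the Class attribute (claims 5-7).
        dummy = str(ipaddress.IPv4Address(next(self._next)))
        self.hosts[dummy] = username
        return {**reply, "Class": dummy}

    def on_accounting_start(self, acct):
        """Swap dummy for genuine IP; return the packet sent on to the AAA."""
        user_id = acct.get("Class")
        real_ip = acct.get("Framed-IP-Address")
        # Only rekey a session this table created: an unknown Class value
        # must not create or overwrite a host entry.
        if (acct.get("Acct-Status-Type") == "Start" and real_ip
                and user_id in self.hosts and real_ip not in self.hosts):
            self.hosts[real_ip] = self.hosts.pop(user_id)
        return acct


if __name__ == "__main__":
    # Constructed sample exchange: AAA accepts "bob" without assigning an IP.
    ssg = SSGSessionTable()
    to_nas = ssg.on_access_reply("bob", {"code": "Access-Accept"})
    print(to_nas, ssg.hosts)
    ssg.on_accounting_start({"Acct-Status-Type": "Start",
                             "Class": to_nas["Class"],
                             "Framed-IP-Address": "10.0.0.9"})
    print(ssg.hosts)
```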


